---
title: Introduction
course: human_hacking
section: "Introduction"
layout: lesson
---

Social engineering (**_SE_**) has been largely misunderstood, leading to many
differing opinions on what social engineering is and how it works. This has led
to a situation where some may view SE as a simply lying to scam trivial free
items such as pizza or obtaining sexual gratification; others think SE just
refers to the tools used by criminals, con men, or perhaps, that is a science
whose theories can be broken down into parts or equations and studied. Or
perhaps it is just a long-lost mystical art giving practitioners the ability to
use powerful mind tricks like a magician or illusionist.

In whatever camp your flag flies, this course is for you. Social engineering is
used every day by everyday people in everyday situations. A child trying to get
her way in the candy aisle or an employee looking for a raise is using social
engineering. Social engineering happens in government or small business
marketing. Unfortunately, it is also present when criminals, con men and the
like trick people into giving away information that makes them vulnerable to
crimes. Like any tool, social engineering is not good or evil, but simply a tool
that has many different uses.

Consider some of these questions to drive that point home:

* Have you been tasked to make your company is as secure as possible?

* Are you a security enthusiast who reads every bit of the latest information
  out there?

* Are you a professional penetration tester who is hired to test the security of
  your clients?

* Are you a college student taking some form of IT specialisation as your major?

* Are you presently a social engineer looking for new and improved ideas to
  utilise in your practise?

* Are you a consumer who fears the dangers of fraud and identity thief?

Regardless of which one of those situations fits you, the information contained
within this course will open your eyes to how you can use social engineering
skills. You will also peer into the dark world of social engineering and learn
how the "_bad guys_" use these skills to gain an upper hand. From there, you
learn how to become less vulnerable to social engineering attacks.

This course is not for the weak. It takes you into those dark corners of society
where the "_black hats_", the malicious hackers live. It uncovers and delves
into areas of social engineering that are employed by spies and con men. It
reviews tactics and tools that seem like they are stolen from a James Bond
movie. In addition, it covers common, everyday situation and then shows how they
are complex social engineering scenarios. In the end, the course uncovers the
"_insider_" tips and tricks of professional social engineers and yes, even
professional criminals.

Some might asked why would I be willing to reveal this information. The answer
is simple: The "_bad guys_" don't stop because of a contractual limitation or
their own morals. They don't cease after one failed attempt. Malicious hackers
don't go away because companies don't like their servers to be infiltrated.
Instead, social engineering, employee deception and internet fraud are used more
and more each day. While software companies are learning how to streghten their
programs, hackers and malicious social engineers are turning to the weakest part
of the infrastructure - _the people_. Their motivation is all about return of
investment (_ROI_); no self-respecting hacker is going to spend 100 hours to get
the same results from a simple attack that takes one hour, or less.

The sad result in the end, is that no way exists to be 100% secure - _unless you
unplug all electronic devices and move to the mountains_. As it is not too
practical, nor envolves a lot of fun, this course discusses ways to become more
aware and educated about the attacks out there and then outlines methods that
you can use to protect against them. Being educated is one of the only surefire
ways to remain secure against the increasing threats of social engineering and
identity theft.

The old hacker adage, "_knowledge is power_" does apply here. The more knowledge
and understanding one has of the dangers and threats of social engineering, each
customer and business can have and the more each attack scenario is dissected,
the easier it will be to protect from, mitigate and stop these attacks. That is
where the power of all this knowledge will come in.
